oard.com
>X-Spam-Level:
>X-Spam-Status: Yes, score=8.6 required=5.0 tests=BAYES_00,MISSING_SUBJECT,
> RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SPF_NEUTRAL,TO_CC_NONE,
> UNIQUE_WORDS,UPPERCASE_50_75 autolearn=no version=3.1.0
>X-SA-Exim-Version: 4.2 (built Fri, 04 Mar 2005 01:3
+1304,7 @@
/* Add the authenticated sender address if present */
-if (smtp_authenticated && local_authenticated_sender != NULL)
+if ((smtp_authenticated || force_authenticated) && local_authenticated_sender
!= NULL)
{
string_format(p, sizeof(buffer) - (p-buffer), " AUT
On Fri, 24 Feb 2006, Phil Pennock wrote:
> Date: Fri, 24 Feb 2006 14:02:12 +0100
> From: Phil Pennock <[EMAIL PROTECTED]>
> To: exim-users@exim.org
> Cc: Dennis Davis <[EMAIL PROTECTED]>
> Subject: Re: [exim] [Patch supplied] Exim enhancement request.
...
> The OP
hould be useful for stripping out the attachments. Or at
least a useful starting point.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at
ut to zero for such connections. However this
# variable isn't expanded. So we'll set rfc1413_hosts instead.
rfc1413_hosts = ${if eq{$interface_port}{SMTP_PORT} {*}{! *}}
rfc1413_query_timeout = 20s
[1] I suspect this is one of the causes of the synchronisation
errors I see in my logs. Pump
rt.americangreetings.com ([216.33.97.79])
by roche.bath.ac.uk with smtp id 1FRVTS-Vg-6r
for [EMAIL PROTECTED]
(return-path <[EMAIL PROTECTED]>); Thu, 06 Apr 2006 15:28:38 +0100
so again the message arrived directly from an americangreetings.com
server. Now I'v
of this comment.
Certainly a far more ambitious development of MMDF didn't include
this specific facility. Documentation dating from 1991[1] includes
the statement:
PP does not support the MMDF syntax that allows users to give an
address as [EMAIL PROTECTED]
[1] Stephen E Kille, "
this mail server to fix this.
See the description for the main configuration parameter
"helo_allow_chars" if you want to allow this character in the
HELO/EHLO greeting.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
99_sare_fraud_post25x.cf
70_sare_random.cf bogus-virus-warnings.cf
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://
x $sender_helo_name
condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
should do it.
You might also like to reject a few others indicating a suspect host,
eg hosts thinking they're called "localhost.localdomain".
--
Dennis Davis, BUCS, University of Bath, B
55 H=(netzero.com) [220.171.78.157] I=[138.38.32.23]:25
F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: 220.171.78.157 is
listed in rbl-plus.mail-abuse.ja.net
220.171.78.157 appears to be registed to a Chinese network.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7A
plicit value may not be
present in the configuration file.
The default setting of rfc1413_query_timeout has changed to 5
seconds in exim-4.62. I believe this change was made after some
discussion on this list.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
tching a lot. For example:
2006-06-27 14:03:43 H=220-130-128-65.hinet-ip.hinet.net (MOEMOE-5TTEVLXH)
[220.130.128.65] I=[138.38.32.23]:25 F=<[EMAIL PROTECTED]> rejected RCPT
<[EMAIL PROTECTED]>: invalid HELO syntax MOEMOE-5TTEVLXH
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[
for clamd.conf.
You *could* reduce the default value and see what happens.
I've never done this so can't say how it'll behave. Note that
reducing the value sharply does have the potential for creating
false positives.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2
! authenticated = *
early in your acl_smtp_rcpt set. And make sure that your
acl_smtp_auth is properly set up, eg requiring an encrypted
connection for PLAIN or LOGIN authentication.
[1] I strongly suspect that this is because HELO handling is still
governed by RFC 821 which didn't kn
gt; scan is found to be viral. This seems to be due to a script in
> > Exim designed to show when a virus has been found when scanning
> > a file,by matching the string 'found' in the output from SWEEP.
...
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EM
ing the simple example that ended
> > up in the manual. It will be changed in the next release.
>
> I blame my lack of clearvoyant superpowers :)
Will these will be on your Christmas present list :-?
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
u want to cover all possibilities.
[1] But, sigh, I see plenty of SMTPS connections here. So I have
to offer this service.
[2] Which is what this message uses to start its journey.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 38
ning I saw:
Content-Type: APPLICATION/OCTET-STREAM; name="picture8968..bmp. exe"
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="picture8968..bmp. exe"
in a copy of Worm.Stration.NM (ClamAV name).
You may need to adjust your ACLs etc
h the system and have noted that the hints database is
> approaching 1Gb which sounds excessive! Does anyone know the
> ramifications of this and what can be done to shrink it?
Are you periodically running exim_tidydb? See sections 49.11 to
49.14 of the manual.
--
Dennis Davis, BUCS, Univer
5
Html.Img.Gen013.Sanesecurity.06162900 ClamAV 66
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use
On Fri, 8 Dec 2006, Chris Lear wrote:
> From: Chris Lear <[EMAIL PROTECTED]>
> To: exim-users@exim.org
> Cc: Dennis Davis <[EMAIL PROTECTED]>
> Date: Fri, 08 Dec 2006 15:52:54 +
> Subject: Re: [exim] Blocking Stock Spam ACL
...
> Sounds good, but this pag
On Fri, 8 Dec 2006, Dennis Davis erroneously wrote:
...
> The signature databases mentioned by Stephen Gan also look
Sigh, make that Stephen Gran. Apologies, usual dyslexic typing
fingres...
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Ph
) for
updated databases. It's the SelfCheck option in /etc/clamd.conf.
> Do you have a script for that?
Yes, see above. I expect my scripts would be easily adapted to
download the mirror.msrbl.com databases. I'll look at this next
week.
--
Dennis Davis, BUCS, University of Bath, Bath,
om an exim transport
filter.
(Usual disclaimer applies, I've never used this software.)
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details a
ashing on your
cyrus server. Ie have:
fulldirhash: yes
hashimapspool: yes
set in /etc/imapd.conf
I've got this running here on a little test server (exim-4.66,
cyrus-2.3.7). It works well for me.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
Rejected RCPT: imposter 138.38.32.23
214 Rejected RCPT: imposter coppi.bath.ac.uk
186 Rejected RCPT: Charlatan, how can you be bath.ac.uk?
71 Rejected RCPT: Charlatan, how can you be ukoln.ac.uk?
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PR
ment
($found_extension)
#demime = NASTYGRAMS
Note the above code doesn't take account of email sent to two or
more people with different individual settings.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
##
So we'll set rfc1413_hosts instead.
rfc1413_hosts = ${if eq{$received_port}{SMTP_PORT} {*}{! *}}
rfc1413_query_timeout = 15s
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listi
et by MAIL, RSET, EHLO, HELO, and
after starting up a TLS session.
so shouldn't you be using a connection variable (acl_c1) ?
^
| "c", not "m"
--
Dennis Davis, BUCS, Un
ington.edu/imap/imap-2006i.tar.Z
I'm sure there'll be others. As indicated, I've never made heavy
use of any of this software.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim
condition = ${if >{$spam_score_int}{20}{1}{0}}
> condition = ${if <{$spam_score_int}{50}{1}{0}}
>
> warn message = X-Spam-Category: LOW
> spam = nobody
> condition = ${if >{$spam_score_int}{10}{1}{0}}
> condition = ${if <{$spam_score_int}{20}{1}{0}}
> .endif
--
Dennis
also need a:
rcpt_include_affixes = true
on the appropriate transport. Something I had to remember to do
recently when playing around with list manager software.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List detail
have any example config files
> of how best to set this up?
You might like to have a look at:
http://www.exim-new-users.co.uk/content/view/95/39/
and see how Jason Meers integrates exim with exchange.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
locally, that is, if there is no associated remote host
address. When Resent- header lines are present, this applies to the Resent-
lines rather than the non-Resent- lines.
You can modify this behaviour by using:
control = submission
in an appropriate ACL. See Chapters 39 & 43 of
acl_smtp_connect = acl_check_connect
>
> acl_check_connect:
> delay = 10s
Have a look at Cambridge's configuration in Tony Finch's paper:
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/
for a more sophisticated setup. For example you might not want
to d
.
>
> Anyone have any ideas how to combat this?
Have a look at the ratelimit stuff that Tony Finch put into
exim-4.52.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailma
hare how to do this, it would be great fully be
> appreciated.
It's using callout verification. Described in Section 39.31 of the
exim manual.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http
This *isn't* the default and has to be there
for clamd to pick up it's in exim's group. After this, clamd should
have access to exim's spool files and the daemon interface should
work.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
e.
>
> but
>
> headers_add and warns always adds it at the bottom
>
> How to I add a header to the top?
You can't do this in system filter, router etc. You can only
do it in an ACL. See Section 39.19 of the manual for details.
--
Dennis Davis, BUCS, University of Bat
ust change the lines:
/* The numbers of connection and message variables for ACLs */
#define ACL_C_MAX 10
#define ACL_M_MAX 10
in src/macros.h.
NOTE that I haven't tried this; use at your own risk.
This still might be worth a wishlist item if many people are running
out of acl variables.
Contains an URL listed in the SBL blocklist
* [URIs: aspartames.net]
* 2.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: aspartames.net]
End SpamAssassin results
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[E
ure. Would
having rfc1413_query_timeout undergo string expansion be a suitable
wishlist item?
You'd probably have to do this by suitable string expansion on
rfc1413_hosts, ie something like:
rfc1413_hosts = ${if eq{$interface_port}{587}{}{*}}
(not tested)
To my mind this isn't quite so cl
d this? or can anyone advise a look around for this?
Use:
control = submission
in an appropriate ACL. Submission mode is described in Chapter 43
of the exim manual. A Message-ID header will be added if necessary.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
g. This will be useful when
# looking for authenticated SMTP connections.
log_selector = +incoming_interface
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim det
n reliably add a Message-Id header to
> outgoing mails (my Outlook -> my Exim [HERE]-> internet relays)
> for Outlook 2003 "compatibility"?
...
Use:
control = submission
in an appropriate ACL. Submission mode is described in Chapter 43
of the exim manual. A Message
rt
> 1. How do that?
Described in Chapter 13 of the exim manual. Use daemon_smtp_ports
in the main configuration section.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/
lists several implementations for exim. I've not looked in detail
at any of them as I don't use greylisting.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/l
uld probably be switched to:
# id $message_exim_id\
for Exim version 4.53 and above.
> # ${if def:received_for {\n\tfor $received_for} }
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at h
irus scanners I use, and not both.
However the last thing you want to do is actually deliver the message
in this case. That's why I divert the message elsewhere.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details a
erBook) does not turn up anything on the matter of
> message-id. (or demon.co.uk // demon.net)
We had a thread on this earlier this month:
10 Oct 05 Matt Sealey [exim] Adding missing Message-Id header
10 Oct 05 Dennis DavisRe: [exim] Adding missing Message-Id header
10 Oct 05 David
iggering Cyrus's strict checking. We don't use this transport
# all the time for efficiency reasons.
#
# Not this may not be the right thing to do if messages have been
# digitally signed etc. However anyone smart enough to do this
# should also be smart enough to not use a crapware MU
5\d{4}$\N}{no}{yes}}
to ensure that the regular expression isn't expanded...not that I've
tested this...
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
is not encrypted, and the
result of the expansion is empty, thus matching no hosts. Otherwise,
the result of the expansion is *, which matches all hosts.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http:/
ot;sweep --help" to get a list of the options.
You might want to have a look at the sophie daemon.
http://www.clanfield.info/sophie/
Using Sophos sweep is expensive. Busy mail servers can really
profit from using sophie.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]
m:
#!/bin/sh
clamd=/usr/local/sbin/clamd
exec $clamd
and make sure you set:
# Don't fork into background.
# Default: disabled
#Foreground
Foreground
in /etc/clamd.conf
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
the good one(s) to use. We currently
use SORBS, Spamhaus and the JANET subscription to MAPS. Others may
give differing advice.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://www.exim.org/mailman/l
l buffers (big_buffer) that
happened as part of the Exiscan merge. However, to be on the safe side, I
have made the code more robust (and fixed the comments that describe what
is going on).
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone:
($0), Cyrus IMAP ($0), Dovecot IMAP ($0), OpenBSD ($0)
etc...but I still can't get the price up to something a manager
would boast about spending...
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details a
Meer's paper on the
subject of interest. This paper was presented at the first Exim
conference in February 2005. See:
http://www.uit.co.uk/exim-conference/full-papers/jason-meers.pdf
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386
eve this is on the wishlist for enhancements to exim. See
item 48 on:
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/WishList
However have a look at Jakob Hirsch's odmrd:
http://www.plonk.de/sw/odmr/
which may do what you want.
--
Dennis Davis, BUCS, University of Bath, Ba
via the sophie daemon:
http://www.clanfield.info/sophie/
We check all email with both Sophos and ClamAV.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
##
62 matches
Mail list logo